Vulnerable 4.2.2 WordPress sites are leaking credentials to cybercriminals

Researchers from Zscaler have discovered a campaign that uses vulnerable WordPress sites to collect and leak user credentials via a backdoor.

The cybercriminals do this via a backdoor that is activated once the WordPress user logs in via the login page.

The log data is encrypted and sent to a specific domain. The vulnerability is exploited in such a way that the user is not alerted after logging in.

The following is a sample list of WordPress websites compromised through this campaign:
